At any point, if there's any interface between you and direct access to the data, there's a layer of trust involved in the interface. For example:
YOU
|
CLIENT
|
MASTO DB
When you load a toot from the database, it passes through the client before it gets to you. You have to trust that the client isn't going to manipulate the toot (or at least is going to manipulate it in ways that maintain fidelity).
Same with posting a toot - you have to trust the client to post it the way you meant it to be posted. In general, that's a safe enough assumption. But it would be easy enough to code a Mastodon client that, on April 1, changed the text of every toot you posted with it to "FARTSFARTSFARTS" before it was stored in the DB, or changed the text of every toot in your timeline to " 
" before rendering it without affecting the DB entry.
And the same logic holds with federation. When your toots federate out, you trust that a foreign instance isn't going to modify them before they hit that instance's database. (If another instance starts doing this, by the way, I'll block them - jsyk.)
Any time you don't have direct database access to the original, there's a layer of trust. Keep that in mind.
@noelle suspension actually doesn't stop the federation of toots. it just prevents people from following remote instances and deletes all their content off the servers.
@noelle if that's wrong i'd love to be corrected but the last time i tested this, it held true
